hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Srungarapu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13283) Document the steps for rolling back the security on hbase.
Date Fri, 20 Mar 2015 07:11:38 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14370883#comment-14370883
] 

Srikanth Srungarapu commented on HBASE-13283:
---------------------------------------------

[~apurtell] You might have used wrong jira number while making the commit. The commit(38286ec3a0d39f4a14777a81a99024bc8266c8d7)
has the following changes 
{code}
+Groups can be granted visibility labels the same way as users. Groups are prefixed with an
@ symbol. When checking visibility labels of a user, the server wi
+When the visibility labels are retrieved using API `VisibilityClient#getAuths` or Shell command
`get_auths` for a user, we will return labels added specifica
+
 Visibility label access checking is performed by the VisibilityController coprocessor.
 You can use interface `VisibilityLabelService` to provide a custom implementation and/or
control the way that visibility labels are stored with cells.
 See the source file _hbase-server/src/test/java/org/apache/hadoop/hbase/security/visibility/TestVisibilityLabelsWithCustomVisLabService.java_
       for one 
@@ -1171,12 +1174,16 @@ hbase> set_auths 'service', [ 'service' ]
 ----
 
 ----
-gbase> set_auths 'testuser', [ 'test' ]
+hbase> set_auths 'testuser', [ 'test' ]
 ----
 
 ----
 hbase> set_auths 'qa', [ 'test', 'developer' ]
 ----
+
+----
+hbase> set_auths '@qagroup', [ 'test' ]
+----
 ====
 +
 .Java API
@@ -1213,6 +1220,10 @@ hbase> clear_auths 'testuser', [ 'test' ]
 ----
 hbase> clear_auths 'qa', [ 'test', 'developer' ]
 ----
+
+----
+hbase> clear_auths '@qagroup', [ 'test', 'developer' ]
+----
 {code}

> Document the steps for rolling back the security on hbase.
> ----------------------------------------------------------
>
>                 Key: HBASE-13283
>                 URL: https://issues.apache.org/jira/browse/HBASE-13283
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Srikanth Srungarapu
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.12
>
>
> Would be great to document the steps the user should follow to rollback the security.
The following are 
>    * shutdown hbase
>    * run hbase clean up script with --cleanAcls introduced in HBASE-13162. 
>    * remove from the hbase-site.xml conf
> {code}
>         hbase.security.authentication
>         hbase.regionserver.kerberos.principal
>         hbase.regionserver.keytab.file
>         hbase.master.kerberos.principal
>         hbase.master.keytab.file
> {code}
> * Removing AccessController coprocessors from hbase-site.xml
> * Address "hbase.security.authorization" based on outcome of HBASE-13275.
> cc: [~misty]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message